Nikolay Tatarinov
57c24a79af
- Added ALLOWED_USERNAMES and ADMIN_USERNAMES to .env.example for user access control. - Implemented validation of Telegram Web App initData in a new telegram_auth.py module. - Enhanced API to check user access before fetching duties. - Updated README with instructions for configuring miniapp access. - Modified .dockerignore and .gitignore to include data directory and database files.
35 lines
1.3 KiB
Python
35 lines
1.3 KiB
Python
"""Load configuration from environment. Fail fast if BOT_TOKEN is missing."""
|
|
import os
|
|
from pathlib import Path
|
|
|
|
from dotenv import load_dotenv
|
|
|
|
load_dotenv()
|
|
|
|
BOT_TOKEN = os.getenv("BOT_TOKEN")
|
|
if not BOT_TOKEN:
|
|
raise SystemExit("BOT_TOKEN is not set. Copy .env.example to .env and set your token from @BotFather.")
|
|
|
|
DATABASE_URL = os.getenv("DATABASE_URL", "sqlite:///data/duty_teller.db")
|
|
MINI_APP_BASE_URL = os.getenv("MINI_APP_BASE_URL", "").rstrip("/")
|
|
HTTP_PORT = int(os.getenv("HTTP_PORT", "8080"))
|
|
DATA_DIR = Path(__file__).resolve().parent / "data"
|
|
|
|
# Miniapp access: comma-separated Telegram usernames (no @). Empty = no one allowed.
|
|
_raw_allowed = os.getenv("ALLOWED_USERNAMES", "").strip()
|
|
ALLOWED_USERNAMES = {s.strip().lstrip("@").lower() for s in _raw_allowed.split(",") if s.strip()}
|
|
|
|
_raw_admin = os.getenv("ADMIN_USERNAMES", "").strip()
|
|
ADMIN_USERNAMES = {s.strip().lstrip("@").lower() for s in _raw_admin.split(",") if s.strip()}
|
|
|
|
|
|
def is_admin(username: str) -> bool:
|
|
"""True if the given Telegram username (no @, any case) is in ADMIN_USERNAMES."""
|
|
return (username or "").strip().lower() in ADMIN_USERNAMES
|
|
|
|
|
|
def can_access_miniapp(username: str) -> bool:
|
|
"""True if username is in ALLOWED_USERNAMES or ADMIN_USERNAMES."""
|
|
u = (username or "").strip().lower()
|
|
return u in ALLOWED_USERNAMES or u in ADMIN_USERNAMES
|